How to Manage an SEC Exam

How to Manage an SEC Exam
08/16/2022

On average, an investment adviser will undergo an SEC exam every 5–7 years. For most advisers and Chief Compliance Officers (CCOs), the process can be stressful. At Joot, we're constantly helping clients manage the SEC examination process. Here are some tips and best practices that we use to make the process as smooth as possible.

Summary of the SEC Examination Process

Usually, a member of the SEC staff will call to notify you of the upcoming exam. Afterward, they will send you a letter summarizing the exam process and requesting information. In most cases, you will have two weeks to gather the information and submit it to the SEC. About a week after the initial submission, SEC staff will schedule an initial interview with the CCO and possibly others from the investment advisory firm.

After the initial information request, before the initial interview, and after the initial interview, SEC staff will request clarifications and additional information. Don’t panic. You didn’t do anything wrong (hopefully—fingers crossed). You usually get about five business days to respond, although this period may be shorter or longer. Be sure you understand exactly what the staff wants and when they want it.

After a few rounds of information requests and your initial interview, SEC staff will schedule an exit interview. Depending on your exam, this can be anywhere from one to three months after the exam started; in rare cases, even longer. During the exit interview, the staff might discuss deficiencies or issues they noted during the exam, all of which the staff will document in an exit letter. Once you get the exit letter, you will have about 30 days to respond. Be thoughtful in your response. If you disagree with the staff, do so respectfully. But understand that a deficiency is feedback that will, in most cases, help you improve your compliance program or documentation. Identify which deficiencies you plan to address and explain to SEC staff how you will fix them. They will likely follow up to ensure that you implemented the fix.

Pro Tips for Surviving, and Thriving, during an SEC Exam

  1. Breathe. That’s right—take a deep breath. Going through an SEC exam is not surgery. You’re not under investigation. The SEC is not looking to “get you.” So keep calm and carry on.

  2. Notify stakeholders. Once the SEC notifies you of an examination, you should notify other people who will play a part in the examination process. These people often include chief executive officers, chief operating officers, chief financial officers, chief marketing officers, general counsel, external legal counsel, or people with similar roles. Usually, these people or their designees will be involved in gathering responses to information requests or participating in interviews with SEC examination staff. So let them know that over the next few weeks (or months), you will need their help. Make sure they understand that responding to or participating in the exam process is a high priority.

  3. Get organized. After notifying you of the examination, the SEC will send you a written request for information. These request letters will contain 14–30 separate items, many with subparts. Your response will contain dozens of files such as spreadsheets, reports, advertisements, legal documents, SEC filings, and more. Often, your response package will be hundreds or thousands of pages long. Taking time to get organized at the start of the exam will help the process run efficiently and show the SEC that you are a professionally managed organization, not a bunch of amateurs.

    • Divide the response letter into sections. The SEC request letter will include information from the following operational areas:
      • Operations. The request letter will ask for information about your business, such as these items:
        • An organizational chart showing key employees and affiliated businesses
        • A list of supervised persons and employees
        • A list of key service providers
        • Other business information
        • Client information such as the types and number of accounts you manage, assets under management, private and registered fund information, and more
        • Copies of investment advisory agreements and other agreements
      • Compliance. SEC staff will do a thorough review of your compliance program and documentation. Items in this section include the following:
        • Compliance manual
        • Regulatory correspondence
        • No-action letters and exemptive relief orders
        • Compliance violations and exception reporting
        • Annual compliance reports
        • Code of Ethics attestations, reports, and other materials
        • AML program
      • Legal. Hopefully, you don’t have much to report under this section, as the SEC will want to know about these items:
        • Client complaints
        • Litigation, arbitration, and administrative proceedings
        • Settlements
        • Corporate governance information about your legal structure, board of directors, etc.
        • Minutes of board or committee meetings
        • Insurance information
      • Portfolio Management. SEC staff is keen to review the following:
        • Suitability and investment profiles
        • Portfolio allocations and securities holdings
        • Trade blotters
        • Best execution
      • Sales and Marketing. Items from this department include the following:
        • All advertising during the period
        • Links to all websites
        • Revenue sharing and solicitor arrangements
      • Finance. The SEC will always ask for financial records, so be prepared to provide the following:
        • Balance sheet
        • P&L statement
        • General ledger, receipts, and disbursement journals
        • Shareholder reports
        • Audit information

As you can see, the information request is robust and detailed. Don’t try to do it alone. Get help from each department. As the CCO, your job is to oversee the exam response and coordinate the various parts of your business. Think of yourself as the quarterback of the team. You call the plays and make the decisions, but every part of your business has a role to play.

  1. Put your response team together. Identify who is going to help you gather the information needed to respond to the SEC. Get your A-team together and be sure they understand their assignments and due dates.

  2. Schedule a kickoff meeting. Once you’re organized, schedule a kickoff meeting to review the request letter with all stakeholders. Identify each item that requires a response, who owns it, and the deadline for submitting the materials. The SEC will give you a response date, but we recommend you have all materials prepared at least three business days before the response date, so you have time to ensure all responses are accurate and complete.

  3. Review all materials as your team submits them to your response file. The CCO should review all information responses to ensure they are accurate and complete. Discuss any issues with the responding stakeholder.

  4. Schedule a status meeting. A few days before your internal response deadline, gather all your stakeholders for a status check. Identify any materials that are missing, incomplete, or have issues. Troubleshoot issues now, not on the SEC’s response date. If you need more time to gather a specific response, inform the SEC and ask for a reasonable extension (e.g., 3–5 business days).

  5. Prepare a response letter. Don’t just dump a bunch of files on the SEC; rather, prepare a response letter to each item request. Identify the attachments related to each request and provide color coding or additional information that will help with the SEC staff’s review. If there are issues related to any request, now is the time to be transparent.

  6. Submit materials on time. Sounds simple, but we’ve seen too many instances of advisers who think they’re ready for an exam only to learn that ther're missing all sorts of materials. Occasionally, asking for more time on one or two items is fine, but if you ask for a wholesale extension, you’re signaling to the SEC that your house is not in order. Either submit all requested materials by the deadline or, if you need an extension on a few items, submit the materials you have and meet the extended deadline for the few open items.

  7. Prepare an introductory presentation. Once you’ve submitted your materials, you should prepare a short slide deck that summarizes your business and key personnel. Treat the SEC like an institutional investor conducting due diligence on your firm. Be friendly and professional.

  8. Document all communication with SEC staff. When possible, communicate with SEC staff in writing (they prefer that method of communication). If you have questions on a staff request, it’s okay to call them, but afterwards, summarize your call in an email. Be clear on what you’re asking and your deliverables.

  9. Debrief. After you receive the exit letter, take time to debrief with your stakeholders. Identify what went well and what your firm needs to fix or improve. If there were deficiencies, discuss how the firm is going to address them. Get input from your stakeholders on exit letter responses and incorporate that feedback into your response letter.

  10. Deliver. After you submit your response to the SEC’s exit letter, make sure you address any deficiencies in a timely manner. You’re probably tired of dealing with the exam at this point, but now is not the time to step away. Address the deficiencies while they're fresh.

  11. Relax. As a CCO, you’ve worked overtime during the exam process. When it's over and you’ve addressed the deficiencies, take some time to relax and celebrate (hopefully) a clean exam!





RIA compliance can be repetitive and time consuming—so Joot created a technology platform to simplify these tasks and make your work more fulfilling.

We're currently building an additional tool tailored to your firm that simplifies the SEC exam and audit preparation process. Prepare, organize, and file to the SEC with confidence and join our waitlist to stay informed.

If you prefer a more hands-on approach, our services team can guide you through the exam process (and hand you a brown paper bag when you start to hyperventilate). We’ll even celebrate with you when you're done—and your compliance program is all the better for it.